RedEaredSlider writes: The recent attack on Sony's PlayStation Network and Qriocity services may force companies to treat the personal information of their users with as much seriousness as they do credit card information.

Beth Jones, a Senior Threat Researcher at Sophos Labs, says that the recent breach of Sony's PlayStation Network may have ripple effects on regulatory control of American consumers' personal information.

The PlayStation Network was hacked last week, and Sony had to admit that users' personal details, such as email addresses, passwords and phone numbers, may have been taken. The haul of data was huge — 77 million people use the PSN.

Credit data is governed by the Payment Card Industry Data Security Standard, established in 2006. Under the standard, companies that process credit card data must comply with a set of requirements meant to prevent data theft and fraud. "I'm wondering if the regulatory authorities will extend PCI compliancy to other information," Jones said.

PCI/DSS standards clearly dictate that all customer data, when "at rest" (i.e. on disk, in a database, etc.) needs to be encrypted:
https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
"Do use strong cryptography to render unreadable cardholder data that you store, and use other layered security technologies to minimize the risk of exploits by criminals"
That Sony (and all the other businesses and institutions that have been hacked, left laptops to be stolen, etc.) doesn't do this is inexcus